Dear all
After I execute the command " ldapsearch -x -W -D 'cn=admin,dc=example,dc=com' -ZZ '(uid=david)' " I get the following log portion (debug at level 1):
slapd starting
slap_listener_activate(8):
slap_listener(ldap:///)
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
conn=0 op=0 do_extended
ber_scanf fmt ({m) ber:
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush2: 14 bytes to sd 13
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_read(13): unable to get TLS client DN, error=49 id=0
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 44 contents:
ber_get_next
conn=0 op=1 do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt (m}) ber:
>>> dnPrettyNormal: <cn=admin,dc=example,dc=com>
<<< dnPrettyNormal: <cn=admin,dc=example,dc=com>, <cn=admin,dc=example,dc=com>
do_bind: version=3 dn="cn=admin,dc=example,dc=com" method=128
do_bind: v3 bind: "cn=admin,dc=example,dc=com" to "cn=admin,dc=example,dc=com"
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=97 err=0
ber_flush2: 14 bytes to sd 13
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 55 contents:
ber_get_next
conn=0 op=2 do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <dc=example,dc=com>
<<< dnPrettyNormal: <dc=example,dc=com>, <dc=example,dc=com>
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({M}}) ber:
=> hdb_search
bdb_dn2entry("dc=example,dc=com")
=> hdb_dn2id("dc=example,dc=com")
<= hdb_dn2id: got id=0x1
entry_decode: ""
<= entry_decode()
search_candidates: base="dc=example,dc=com" (0x00000001) scope=2
=> hdb_dn2idl("dc=example,dc=com")
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30988)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_equality_candidates (uid)
<= bdb_equality_candidates: (uid) not indexed
bdb_search_candidates: id=-1 first=1 last=11
hdb_search: 1 does not match filter
entry_decode: ""
<= entry_decode()
hdb_search: 2 does not match filter
entry_decode: ""
<= entry_decode()
hdb_search: 3 does not match filter
entry_decode: ""
<= entry_decode()
hdb_search: 4 does not match filter
entry_decode: ""
<= entry_decode()
hdb_search: 5 does not match filter
entry_decode: ""
<= entry_decode()
hdb_search: 6 does not match filter
entry_decode: ""
<= entry_decode()
hdb_search: 7 does not match filter
entry_decode: ""
<= entry_decode()
hdb_search: 8 does not match filter
entry_decode: ""
<= entry_decode()
hdb_search: 9 does not match filter
entry_decode: ""
<= entry_decode()
=> send_search_entry: conn 0 dn="uid=david,ou=Users,dc=example,dc=com"
ber_flush2: 199 bytes to sd 13
<= send_search_entry: conn 0 exit.
entry_decode: ""
<= entry_decode()
hdb_search: 11 does not match filter
send_ldap_result: conn=0 op=2 p=3
send_ldap_response: msgid=3 tag=101 err=0
ber_flush2: 14 bytes to sd 13
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 13 failed errno=0 (Success)
conn=0 op=3 do_unbind
connection_close: conn=0 sd=13
TLS trace: SSL3 alert write:warning:close notify
What causes these errors? What do these errors mean?
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_read(13): unable to get TLS client DN, error=49 id=0
How can I fix these problems?
Thank you
Jittinan Suwanrueangsri
Jittinan Suwanrueangsri jittinan2@gmail.com writes:
> Dear all
> After I execute the command " ldapsearch -x -W -D 'cn=admin,dc=example,dc=com' -ZZ '(uid=david)' " I get the following log portion (debug at level 1):
> slapd starting
> slap_listener_activate(8):
> slap_listener(ldap:///)
> [...]
> connection_read(13): unable to get TLS client DN, error=49 id=0
> [...]
> What causes these errors? What do these errors mean?
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> connection_read(13): unable to get TLS client DN, error=49 id=0
> How can I fix these problems?
The error report is quite clear: the client presented a certificate whose DN does not match the requirements. You presumably require client certificate verification by the server.
-Dieter
openldap-technical@openldap.org
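An added example, written for this thread and not taken from it or from OpenLDAP: a small Python summariser that reads a slapd "-d 1" trace like the one posted and reports, per connection, whether the TLS handshake completed, how many "error in ..." trace states were logged before it did, whether slapd obtained a client certificate DN, and which binds and results followed. The embedded trace is constructed from the lines in the thread, cut back to the StartTLS, handshake, bind and result messages. The numeric constants are the BER tags from RFC 4511 that slapd prints as tag=NN (120 extendedResponse, 97 bindResponse, 101 searchResDone), the AuthenticationChoice tag printed as method=NN (128 simple, 163 SASL), and result code 49, invalidCredentials. The rule that charges lines without a connection id to the most recently named connection is an assumption that holds for a single-client trace, not for interleaved connections.

```python
"""Summarise a slapd "-d 1" debug trace per connection.

Added example for the openldap-technical thread; not OpenLDAP code.
The trace below is constructed from the lines the poster quoted,
cut back to the StartTLS, TLS handshake, bind and result messages.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# RFC 4511 BER application tags that slapd prints as "tag=NN",
# and the result code behind "error=49".
RESPONSE_TAGS = {120: "extendedResponse", 97: "bindResponse", 101: "searchResDone"}
LDAP_INVALID_CREDENTIALS = 49
# do_bind prints the AuthenticationChoice tag: 0x80 (128) simple, 0xA3 (163) sasl.
BIND_METHODS = {128: "simple", 163: "sasl"}

# Constructed from the thread's trace (single client, conn=0).
SAMPLE_TRACE = """\
connection_get(13): got connid=0
connection_read(13): checking for input on id=0
conn=0 op=0 do_extended
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
connection_read(13): unable to get TLS client DN, error=49 id=0
conn=0 op=1 do_bind
do_bind: version=3 dn="cn=admin,dc=example,dc=com" method=128
send_ldap_response: msgid=2 tag=97 err=0
conn=0 op=2 do_search
send_ldap_response: msgid=3 tag=101 err=0
conn=0 op=3 do_unbind
"""

OP_RE = re.compile(r"^conn=(\d+) op=\d+ \w+")
CONN_ID_RE = re.compile(r"^connection_(?:get|read)\(\d+\):.*\b(?:connid|id)=(\d+)$")
DN_ERR_RE = re.compile(r"unable to get TLS client DN, error=(\d+) id=(\d+)")
BIND_RE = re.compile(r'^do_bind: version=\d+ dn="([^"]*)" method=(\d+)')
RESP_RE = re.compile(r"^send_ldap_response: msgid=(\d+) tag=(\d+) err=(\d+)")
TLS_PREFIX = "TLS trace: SSL_accept:"


@dataclass
class ConnSummary:
    conn: int
    read_finished: bool = False       # "SSLv3 read finished A" seen
    write_finished: bool = False      # "SSLv3 write finished A" seen
    handshake_waits: int = 0          # "error in ..." states logged before completion
    client_dn_error: Optional[int] = None
    binds: List[Tuple[str, str]] = field(default_factory=list)
    responses: List[Tuple[int, str, int]] = field(default_factory=list)

    @property
    def handshake_completed(self) -> bool:
        return self.read_finished and self.write_finished


def parse_trace(text: str) -> Dict[int, ConnSummary]:
    """One ConnSummary per connection id.

    Assumption: TLS trace, do_bind and send_ldap_response lines carry no
    connection id, so they are charged to the connection most recently
    named on a conn=N / connid=N / id=N line. Fine for a single-client
    trace such as the thread's, wrong for interleaved connections.
    """
    conns: Dict[int, ConnSummary] = {}
    current: Optional[ConnSummary] = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DN_ERR_RE.search(line):
            current = conns.setdefault(int(m.group(2)), ConnSummary(int(m.group(2))))
            current.client_dn_error = int(m.group(1))
        elif m := (OP_RE.match(line) or CONN_ID_RE.match(line)):
            current = conns.setdefault(int(m.group(1)), ConnSummary(int(m.group(1))))
        elif current is None:
            continue
        elif line.startswith(TLS_PREFIX):
            state = line[len(TLS_PREFIX):]
            if state.startswith("error in ") and not current.handshake_completed:
                current.handshake_waits += 1
            elif state.endswith("read finished A"):
                current.read_finished = True
            elif state.endswith("write finished A"):
                current.write_finished = True
        elif m := BIND_RE.match(line):
            method = BIND_METHODS.get(int(m.group(2)), f"method{m.group(2)}")
            current.binds.append((m.group(1), method))
        elif m := RESP_RE.match(line):
            msgid, tag, err = (int(g) for g in m.groups())
            current.responses.append((msgid, RESPONSE_TAGS.get(tag, f"tag{tag}"), err))
    return conns


def findings(s: ConnSummary) -> List[str]:
    """Plain-language reading of one connection, in the order things happened."""
    out: List[str] = []
    if s.handshake_completed:
        out.append("TLS handshake completed")
        if s.handshake_waits:
            out.append(f"{s.handshake_waits} 'error in ...' state(s) logged before the "
                       "handshake completed, so they were non-fatal waits for client data")
    else:
        out.append("TLS handshake did not complete")
    if s.client_dn_error == LDAP_INVALID_CREDENTIALS:
        out.append("no client certificate DN available (error=49 is invalidCredentials)")
    elif s.client_dn_error is not None:
        out.append(f"client certificate DN lookup failed, error={s.client_dn_error}")
    out += [f"{method} bind as {dn}" for dn, method in s.binds]
    out += [f"{pdu} msgid={msgid} err={err}" for msgid, pdu, err in s.responses]
    return out


if __name__ == "__main__":
    for conn_id, summary in parse_trace(SAMPLE_TRACE).items():
        print(f"conn={conn_id}")
        for item in findings(summary):
            print("  -", item)
```

Run against the thread's trace it reports that the handshake completed, that the two "error in SSLv3 read client certificate A" states came before completion, that no client certificate DN was available (error=49), and that the session then authenticated with a simple (password) bind as cn=admin,dc=example,dc=com whose bindResponse and searchResDone both carried err=0; that is, the connection was authenticated by the password, not by a client certificate.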